The U.S. government imposed sanctions on Funnull, a company accused of providing infrastructure for cybercriminals running “pig butchering” crypto scams that have led to $200 million in losses for American victims.
On Thursday, the Treasury’s Office of Foreign Assets Control announced the sanctions, saying Funnull is “linked to the majority of virtual currency investment scam websites reported to the FBI.” The press release said that the $200 million in losses results in an average loss of $150,000 per victim, but that the numbers “likely underestimate the total losses, as many victims of scams do not report the crime.”
Pig butchering scams involve criminals approaching victims online, often pretending to be interested in a romantic relationship, with the goal of tricking the victims into sending them money to invest in nonexistent crypto projects.
According to the Treasury, Funnull is based in the Philippines and run by Chinese national Liu Lizhi, who was also sanctioned on Thursday.
Funnull, according to the Treasury, generated domain names for websites on IP addresses it owns, and provided “web design templates to cybercriminals.”
“These services not only make it easier for cybercriminals to impersonate trusted brands when creating scam websites, but also allow them to quickly change to different domain names and IP addresses when legitimate providers attempt to take the websites down,” the Treasury said.
The FBI released an alert that included more information about these activities.
The Treasury referred to the Polyfill supply chain attack in its press release, saying Funnull “purchased a repository of code used by web developers and maliciously altered the code to redirect visitors of legitimate websites to scam websites and online gambling sites, some of which are linked to Chinese criminal money laundering operations.”
Those activities are exactly what researchers from cybersecurity firm Silent Push accused Funnull of carrying out last year. Researchers found that Funnull was responsible for the Polyfill supply chain attack, which was launched to push malware to whoever visited websites that used Polyfill’s code. The goal was to redirect users to a malicious network of casino and online gambling sites, the researchers found.
Contact Us
Do you have more information about Funnull, or other companies facilitating scams? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.
Zach Edwards, a researcher at Silent Push who worked on the Funnull report last year, told TechCrunch that he was “really glad to see the facts aligned with our suspicions.”
“It’s encouraging that the Treasury has taken actions against the largest pig butchering and money laundering network that exists targeting people in the U.S., but we know that more needs to be done,” said Edwards. “This effort from Funnull is the tip of the iceberg for what is actually going on right now out of China with financial schemes targeting Americans.”
“Global threat actors that are targeting Americans with financial scams need to be held accountable, and doxing the companies they work with and the individuals who run those companies, is an important first step,” he added.